Quite a few people have asked me to explain how to encrypt the control channel so that local users cannot sniff the passwords and so on.

SSH-pipes are the solution for this, and gftpd fully supports bouncers through ssh-pipes.


Here are step-by-step instructions on how to do it correctly:

Requirements: sshd installed on both systems (i.e. OpenSSH) and gftpd's ftp bouncer.

Gftpd knows what the string localhost means: when the connection comes out of the ssh-pipe it appears to originate from localhost, so you must enter 'localhost' as bounce_host.

SITEBOX:~ # grep bounce /etc/gftpd.sysconfig
# 0 = secure bounce disabled (bouncer also need to have securebounce:0)
# 1 = secure bounce enabled (bouncer needs to have securebounce:1)
# 2 = secure bounce enabled with showing /.ftp-data/refusebouncepage
securebounce 1

The ssh-pipe _must_ be opened from the bncbox to the sitebox (make sure that
you do not have an autologout variable active). And do _not_ use the -g flag, since it compromises the security.
The direction bncbox->sitebox matters: if you instead go sitebox->bncbox with -R2222:ip:4444 you compromise the security, because -R (remote forward) ports can be connected to from other hosts, while -L (local forward) ports can only be reached from localhost. If you do use -R, you have to firewall port 2222 against outside connections.

BNCBOX:~ # ssh -L2222:

BNCBOX:~ # cat bouncer.conf

BNCBOX:~ # ./bouncer

To summarise: BNCBOX now listens for incoming connections on port 8888 (the port you give users as their login info). When a connection comes in it is forwarded to localhost (BNCBOX) port 2222, which goes encrypted through the ssh-pipe to the destination host (SITEBOX) and comes out on port 4444 (the port gftpd is listening on). With securebounce 1 the bouncer first asks the daemon whether the ident@host is allowed; if it is, the bouncer hands the login prompt back to the user, otherwise it does not answer at all.
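As an added check that is not part of gftpd, its bouncer or this write-up: a small shell script that reads `ss -ltn` output on the bncbox and confirms that the ssh-pipe's entry port (2222 in this setup) is bound to loopback only, which is what a plain -L forward gives you and what -g or an -R forward would break. The sample listings are constructed, and `ss` and the port numbers are assumptions taken from this setup.

```shell
#!/bin/sh
# Added check, not part of gftpd or its bouncer: given `ss -ltn` output, verify that the
# ssh-pipe's entry port on the bncbox is bound to loopback only. A plain -L forward
# shows up on 127.0.0.1/[::1]; with -g, or with an -R forward, it shows up on 0.0.0.0/[::]/*.
# Exit status: 0 = loopback only, 1 = reachable from other hosts, 2 = nothing listens there.
check_forward_binding() {
  port="$1"
  listing="$2"
  printf '%s\n' "$listing" | awk -v port="$port" '
    NR > 1 {
      n = split($4, a, ":")          # column 4 of `ss -ltn` is Local Address:Port
      p = a[n]
      if (p != port) next
      addr = substr($4, 1, length($4) - length(p) - 1)
      if (addr == "127.0.0.1" || addr == "[::1]" || addr == "::1") {
        ok++
      } else {
        bad++
        print "port " port " is bound to " addr ": reachable from other hosts"
      }
    }
    END {
      if (bad > 0) exit 1
      if (ok == 0) { print "nothing listening on port " port; exit 2 }
      print "port " port " is bound to loopback only"
    }'
}

# Constructed sample listings (the real input is `ss -ltn` run on the bncbox).
# 2222 is the ssh-pipe entry; 8888 is the port users connect to and is meant to be reachable.
SAMPLE_LOOPBACK=$(cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:2222     0.0.0.0:*
LISTEN 0      128    [::1]:2222         [::]:*
LISTEN 0      128    0.0.0.0:8888       0.0.0.0:*
EOF
)
SAMPLE_EXPOSED=$(cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:2222       0.0.0.0:*
LISTEN 0      128    [::]:2222          [::]:*
LISTEN 0      128    0.0.0.0:8888       0.0.0.0:*
EOF
)

for s in "$SAMPLE_LOOPBACK" "$SAMPLE_EXPOSED"; do
  check_forward_binding 2222 "$s" || echo "verdict: fix the forward (rc=$?)"
done
# Live check on the bncbox: check_forward_binding 2222 "$(ss -ltn)"
```

Run it on the bncbox after opening the ssh-pipe; a non-zero exit for port 2222 means the forward is not confined to localhost and the setup needs fixing before users are pointed at port 8888.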

Have fun with the increased security. Any questions: pgp pub key